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CLAIMS 

We Claim: 

1. A method performed by a hub for enabling a first device to allow communications 
from a second device wherein the first device is separated from the second device by access 

5 blocking apparatus, said method comprising: 

terminating a virtual pipe from the first device, 

assigning an IP address to the first device and associating this IP address with the 
virtual pipe, 

receiving communications originated by the second device and addressed to said IP 

10 address, 

routing the communications addressed to said IP address to the virtual pipe, and 
tunneling the communications over the virtual pipe to the first device. 

2. The method of claim 1 further comprising the steps of: 

15 receiving second communications originated by the first device through the virtual 

pipe, and 

routing the second communications from the first device to the second device. 

3. The method of claim 1 further comprising the step of: 

20 encrypting the communications prior to tunneling the communications over the 

virtual pipe. 

4. The method of claim 1 further comprising the steps of: 

receiving a plurality of communications originated by a plurality of second devices 
25 and addressed to the IP address, 

routing the plurality of communications addressed to the IP address to the virtual 
pipe, and 

tunneling the plurality of communications over the virtual pipe to the first device. 

30 5. The method of claim 1 further comprising the steps of: 

establishing an access control list to control access to the first device, and 
based on the access control list, routing the communications from the second device 
to the first device only if the second device has permission to access the first device. 

35 6. The method of claim 1 further comprising the steps of: 

terminating a second virtual pipe from the second device, 


7 
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assigning a second IP address to the second device, and 

receiving the communications from the second device through the second virtual 

pipe. 

7. The method of claim 6 wherein the IP addresses assigned to the first and second 
devices are private IP addresses. 

8. A system for enabling communications between a first device and a second device 
wherein said first device is separated from said second device by access blocking apparatus, 
said system comprising: 

a secure hub, and 

a virtual pipe between the first device and said secure hub, 

said secure hub including a pool of available IP addresses from which an IP address 
can be assigned to the first device, means for associating the assigned IP address with the 
virtual pipe, means for routing communications from the second device and addressed to the 
first device to the virtual pipe, and means for tunneling said communications over the virtual 
pipe to the first device. 

9. The system of claim 8 wherein said means for tunneling tunnels second 
communications over the virtual pipe from the first device, and wherein said means for 
routing routes the second communications to the second device. 

10. The system of claim 8 further comprising: 

a virtual pipe between the second device and said secure hub, and wherein said means 
for associating associates a second IP address from the pool of available IP addresses with the 
second virtual pipe, and wherein said means for tunneling tunnels said communications from 
the second device through the second virtual pipe. 

11. The system of claim 8 further comprising: 

an access control list to control access to the first device, and wherein, based on the 
access control list, said means for routing the communications from the second device to the 
first device routes the communications only if the second device has permission to access the 
first device. 

12. A system for enabling communication to a first communication device through 
the public network from a second communication device, said first and second 
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communication devices being separated by at least one security access blocking apparatus, 
said system comprising 

a secure hub having routing and switching functionality and pipe termination 
functionality and having interfaces to said public network, and 
5 means for creating a virtual pipe between said secure hub and said first 

communication device for tunneling communication, 

said secure hub further including means for assigning an IP address to said first 
communication device and associating said IP address with said virtual pipe. 

10 13. The system of claim 12 further including means for establishing said 

communication from said second communication device through said public network to said 
secure hub. 

14. The system of claim 13 wherein said means for establishing said communication 
15 from said second communication device includes means for defining a second virtual pipe. 

15. The system of claim 12 wherein said secure hub includes means for defining an 
access control list, said routing and switching functionality routing said communication from 
said second communication device to said virtual pipe only if such access is permitted by said 

20 access control list. 


